• TrickDacy@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    4 months ago

    I agree with you about ads for sure. But I’m not really sure what you mean about https being off by default. What I’ve noticed is that if I type an IP address into the address bar, FF first tries https and if that fails falls back to http.

    Regarding UA string: As a web developer I have worked on many projects, one currently, where browsers misbehave in unpredictable ways. Most notable these days is Safari. Without a user agent string I really don’t have a way to workaround that browser’s shortcomings. Yes, for this purpose, the UA string should be a last resort because feature detection is best, but trust me feature detection isn’t always possible. It would not work for the current slew of issues I’m working through in Safari.

    Also, I would encourage you to read up on Brave and funder/fundamentalist Peter Thiel. Brave is not only a Google supporting browser by virtue of using chromium, it’s also wrapped up in some shady shit, including being funded by a conservative psychopath.

    • boredsquirrel@slrpnk.net
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      I mean the HTTPS-only toggle. It still allows HTTP but after a warning. HTTP sites still work, so this should be opt-out.

      Safari only works on 2/3 Platforms, so I dont think a UA containing the OS, let alone a detailed “Lubuntu” etc. detail

      I heard about Peter Thiel I think in very different contexts? I wouldnt support Brave at all, I use a mix or hardened Firefox, Mull and Vanadium.

      • TrickDacy@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        I really don’t understand. So the fact that FF warms you against a (btw rare) thing is somehow not enough? …

        And I’m telling you as a web developer who has to support multiple versions of Safari, it’s not something I can just dismiss as irrelevant as you’re apparently intent on doing.

        And about brave, you brought it up not me. Still don’t understand why it even came up, especially if you’re actively against it…

        • boredsquirrel@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 months ago

          I am not sure how embedded media inside HTTPS websites use HTTP. But using HTTPS exclusively is very possible today, nearly no websites not supporting it. So I see no reason here.

          But this is just an example and that is also GUI configurable.

          I see that Safari and different Browsers are an issue, but do you need OS info for that? Especially fine grained info?

          I mentioned Brave because they integrated something that is not ads, but I think it is ads anyways? So not using the browser, but pro anything with direct payment

          • TrickDacy@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            Still unsure what you’re saying about https. Firefox treats insecure sites as dangerous and tries to tell the user to beware, for that one time a year you might run into that situation. And by default, insecure content in a secure page is blocked in FF and I think that was true even in IE 11. That’s been pretty standard for a long time.

            Regarding OS in the UA, no, rarely would you need it. I think browsers can send whatever they want there though. Are you saying that LibreWolf sends one without OS? Again to me it’s a little paranoid to nitpick this but what I thought you were saying before is that UAs should not exist period, which I was disputing because I literally have been spending the last month working through safari specific bugs that would be nearly impossible to handle without a UA string to know the user is running safari. Sometimes I do need to know iPad vs iPhone, but that’s not only rare but probably even more offensive to you than the UA mentioning the OS/OS family.

            • boredsquirrel@slrpnk.net
              link
              fedilink
              arrow-up
              1
              ·
              4 months ago

              Firefox treats insecure sites as dangerous and tries to tell the user to beware

              I only get that behavior when setting HTTPS-only. If I dont, I think it may display a warning but thats it.

              Are you saying that LibreWolf sends one without OS?

              No they often take Windows 10 on FF ESR

              Sometimes I do need to know iPad vs iPhone

              I think that is a problem of the browser isnt it? And how does a “desktop site” button work? Does it change the UA or is there a different way to switch between the site views?

              I dont know why this couldnt be done with a “safari on iPadOS” vs “Safafi on iOS” or a separate value for “phone”, “tablet”, “desktop”.

              The OS is way less important than the browser and the form factor here.

              • TrickDacy@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                4 months ago

                I think it may display a warning but thats it.

                Yeah that’s what I said. It is your opinion that a warning is not enough but I very much don’t feel that way. Users should be treated like adults by default.

                No they often take Windows 10 on FF ESR

                I don’t know what this means unless you’re saying it just always reports win 10

                As far as the rest of your comment… I have been building websites for 20 years now and I’m not content to do things the wrong way, so I’ve researched and considered the available options.

                It doesn’t matter if it’s a “browser problem” since I don’t get to tell users that iOS sucks ass, which it does.

                Kind of feels dismissive the way you’re hand waving away all the problems I deal with all the time. Like I said, until browsers behave consistently or at least predictably if they don’t support something, UA will be needed sometimes. I haven’t needed it for anything but safari in a long time but again I don’t get to tell those users to get a decent browser. On iOS they don’t even have that option if they were to want another browser.

                • boredsquirrel@slrpnk.net
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  4 months ago

                  Users should be treated like adults by default

                  Thats why there is an “accept the risk and proceed” button ;)

                  By default, Firefox loads Javascript from any site. The Pegasus Trojan was transmitted by hijacking 2G and 3G network connections, and using malicious HTTP redirects that wouldnt work with HTTPS.

                  They are zero-click, meaning just opening that site would run the code.

                  i think security should be normalized.

                  it just always reports win 10

                  It reports to be Firefox ESR on Windows 10. Maybe Windows 11 now.

                  you’re hand waving away all the problems I deal with all the time.

                  I didnt. I just find it odd that you need to know the OS to display a site for 3 different form factors. But if that is true, then a UA might be a solution.

                  • TrickDacy@lemmy.world
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    4 months ago

                    I just find it odd that you need to know the OS to display a site for 3 different form factors

                    Yeah, a lot of things seem odd until you take 20 years to understand them.